CVE-2021-23338

MEDIUM

qlib - Code Injection

Title source: llm

This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.

CVSS v3 6.6

EPSS 0.0285

EPSS Percentile 86.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-502

Status published

microsoft/qlib

pypi/pyqlib < 0.7.0PyPI

Published Feb 15, 2021

Tracked Since Feb 18, 2026